The O.D.A.D.P.A.A.T.A.F.F.F.

Transcription

1 Organizational, Management and Control Model

2

3 Organizational, Management and Control Model 1 Organizational, Management and Control Model pursuant to Legislative Decree No. 231 of 8 June 2001 of S.p.A. Revision N. 4 of the Organizational, Management and Control Model pursuant to Legislative Decree No. 231/01 approved by the Board of Directors of on June 28th, 2012 Available on company s intranet in section Manuals and on website: section Governance/Internal Control System

4 Organizational, Management and Control Model 2 CONTENTS GENERAL PART 6 1. LEGISLATIVE DECREE No. 231/2001 AND RELEVANT REGULATIONS The regime of administrative liability for legal entities Sanctions Attempts to Commit Crime or Crime Committed Abroad Proceedings for the assessment of the offence and examination of suitability by the court Actions by which the exemption from administrative liability is obtained CONFINDUSTRIA GUIDELINES ADOPTION BY ANSALDO STS OF THE ORGANIZATIONAL AND MANAGEMENT MODEL Corporate Objectives and Mission Corporate Governance Organizational structure internal use Motivations of in adopting the Organiztional, Management and Control Model Pursuant to Legislative Decree no. 231/ Purposes of the Model The Model s Preparation Process Document Outline Adoption and Management of the Model in the Group Elements of the Model Amendments and Integrations to the Model SURVEILLANCE BODY Identification of the Surveillance Body Functions and Powers of the Surveillance Body Reporting by the Surveillance Body to the Corporate Bodies Information flows to the Surveillance Body Notifications from within the company or by third parties Obligations relating to the Disclosure of Official Acts Collection of, Keeping and Access to the files of the O.d.V PERSONNEL TRAINING AND CIRCULATION OF THE MODEL IN THE CORPORATE ENVIRONMENT 32 AND OUTSIDE THE COMPANY Personnel Training Information to External Co-workers and Partners DISCIPLINARY SYSTEM AND MEASURES IN THE EVENT OF NON-COMPLIANCE 32 TO THE PROVISIONS OF THE MODEL 6.1. General principles Sanctions for Employees Workers and Middle Management Executives ( Dirigenti ) Measures towards Directors and Statutory Auditors Measures towards Co-workers, Consultants, Partners, Other Parties in Transactions and other external persons Procedure for the application of sanctions Disciplinary proceedings towards Board directors and members of the Statutory Auditors Disciplinary proceedings towards executives Disciplinary proceedings towards employees Disciplinary proceedings towards third party recipients of the Model 37

5 Organizational, Management and Control Model 3 7. REVIEW OF THE APPLICATION AND SUITABILITY OF THE MODEL 37 SPECIAL SECTION A 38 Crimes to the Detriment of the Public Administration AND THE ADMINISTRATION OF JUSTICE 38 A.1. TYPES OF CRIMES IN THE RELATIONSHIPS WITH THE PUBLIC ADMINISTRATION 39 A.2. AREAS AT RISK INTERNAL USE 43 A.3. RECIPIENTS OF THE SPECIAL SECTION GENERAL PRINCIPLES OF CONDUCT AND IMPLEMENTATION OF THE DECISION MAKING PROCESS IN RISK AREAS OF ACTIVITY 43 A.4. RISK AREAS OF ACTIVITY: ESSENTIAL ELEMENTS OF THE DECISION-MAKING PROCESS 49 A.4.1 Single risk operations: determination of internal managers in charge and Evidence Sheets 49 A.5. Instructions and audits of the O.d.V. 49 SPECIAL SECTION B 51 Corporate Crimes 51 B.1. TYPES OF CORPORATE CRIMES AND ADMINISTRATIVE OFFENCES (Article 25-ter and 25-sexies of the Decree, Article 187-quinquies of the TUF Consolidated Law on Finance) 52 B.2. AREAS AT RISK INTERNAL USE 60 B.3. RECIPIENTS OF THE SPECIAL SECTION GENERAL PRINCIPLES OF CONDUCT IN RISK AREAS OF ACTIVITY 61 B.4. CRITERIA FOR THE IMPLEMENTATION OF THE ABOVE DESCRIBED BEHAVIOURS 61 B.4.1 Financial statements and other corporate communications 61 B.4.2 Related party transactions 64 B.4.3 Exercise of powers of control over the corporate management 64 B.4.4 Safeguard of the share capital 64 B.4.5 Activities subject to surveillance 65 B.4.6 Activities capable of having an influence on the market 65 B.5. INSTRUCTIONS AND AUDITS OF THE O.d.V. 66 SPECIAL SECTION C 68 Offences against the industrial injury and workplace health and safety regulations (art. 25-septies of the decree) 68 C.1. PREAMBLE 69 C.2. THE TYPES OF OFFENCES AGAINST THE INDUSTRIAL INJURY AND WORKPLACE HEALTH AND SAFETY REGULATIONS 69 C.3. RISK FACTORS EXISTING IN ANSALDO STS S.P.A. INTERNAL USE 70 C.4. GENERAL PRINCIPLE OF CONDUCT 70 C.4.1 The organizational system 72 C.4.2 The education, information and training 74 C.5. THE INSPIRING PRINCIPLES OF THE WORKPLACE SAFETY AND HEALTH PROCEDURAL PROTOCOLS 75 C.5.1 Procedural Protocols 77 C.6. PREVENTION AND MONITORING ACTIVITY OF THE SUPERVISORY BOARD 78 C.7. Safety management system of in relation to the application of art. 30 Legislative Decree no. 81/ INTERNAL USE 79 SPECIAL SECTION D 80 Receiving stolen goods, Money Laundering and Use of money, goods or utility of illicit origin 80 D.1. THE TYPES OF OFFENCES OF RECEIVING STOLEN GOODS, MONEY LAUNDERING AND USE OF MONEY, GOODS OR UTILITY OF ILLICIT ORIGIN (art. 25-octies of the Decree) 81 D.2. AREAS AT RISK INTERNAL USE 84 D.3 GENERAL PRINCIPLES OF CONDUCT AND DECISION-MAKING PROCESS IMPLEMENTATION IN THE AREAS AT RISK 84 D.4. INSTRUCTIONS AND AUDITS OF THE SUPERVISORY BODY 85

6 Organizational, Management and Control Model 4 SPECIAL SECTION E 86 IT CRIMES AND ILLICIT TREATMENT OF DATA. COPYRIGHT BREACH CRIMES 86 E.1. THE DATA PROCESSING CRIMES AND THE ILLICIT TREATMENT OF DATA (art. 24 bis of the Decree) 87 E.2. AREAS AT RISK INTERNAL USE 92 E.3. RECEPIENTS OF THE SPECIAL SECTION - GENERAL PRINCIPLES OF BEHAVIOUR IN THE AREAS AT RISK 93 E.4. INSTRUCTIONS AND AUDITS OF THE GOVERNANCE BODY 96 SPECIAL PART F 97 ORGANISED CRIME OFFENCES 97 F.1 TYPE OF CRIMES 98 F.2 AREAS AT RISK INTERNAL USE 100 F.3 RECEPIENTS OF THE SPECIAL SECTION GENERAL PRINCIPLES OF CONDUCT 100 F.4 INSTRUCTIONS AND AUDITS OF THE O.d.V 100 SPECIAL PART G 102 crimes in breach of environmental regulations 102 G.1 introduction 103 G.2 TYPE OF CRIMES COMMITTED IN BREACH OF ENVIRONMENTAL REGULATIONS 103 G.3 ENVIRONMENTAL MANAGEMENT SYSTEM 111 G.4 RISK FACTORS EXISTING IN ANSALDO STS S.P.A INTERNAL USE 112 G.5 GENERAL PRINCIPLES OF CONDUCT 112 G.6 The organizational system 113 G.7 INSTRUCTIONS AND AUDITS OF THE O.D.V. 116

7 Organizational, Management and Control Model 5 The following documents are integral part of the Organizational, Management and Control Model: 1) Code of Ethics (MNL 004); 2) Organisational Structure Legal Entity Italy (ORA 007), that describes the organizational structure of S.p.A., INTERNAL USE; 3) Delegation Matrix (ORA 008), that contains the powers of attorney and the limits of signatory powers assigned to senior managers in S.p.A., INTERNAL USE; 4) Delegation Matrix (ORA 012), which shows the delegation of the Employer and other relevant roles regarding safety at work and environemntissue in AnsaldoSTS S.p.A., INTERNAL USE; 5) Evidential Paper (TMP 048), that is the Evidential Paper used to report the relations with the Public Administration *; 6) Periodic Statement (TMP 049), that is the Periodic Statement about the compliance with the Model and the powers of attorney and the limits of signatory powers *; 7) Significant Parties for the requirements of the Internal Dealing CONSOB Regulations (ORA 009), that states the significant parties as defined by Consob regulation n of 1999 as subsequently amended and supplemented (Discipline of Issuers), INTERNAL USE * Attached as Annex A and Annex B

8 Organizational, Management and Control Model 6 GENERAL PART

9 Organizational, Management and Control Model 7 1. LEGISLATIVE DECREE No. 231/2001 AND RELEVANT REGULATIONS 1.1. The regime of administrative liability for legal entities Legislative Decree n. 231, dated 8 June 2001, which has introduced the Regulation on the administrative liability of legal entities, of companies and of associations, including those with no legal personality, (hereinafter referred to as the Decree ) has brought the provisions of Italian law on the liability of legal entities into line with a number of international treaties, to which Italy had already signed up, and in particular with: the Brussels Convention, dated 26 July 1995 on the protection of the European Community s financial interests; the Brussels Treaty, dated 26 May 1997 on the fight against corruption involving public officials of the European Communities or officials of the Member States of the European Union; the OECD Convention, dated 17 December 1997 on combating bribery of foreign public officials in international business transactions. The Decree has introduced into the Italian legal system a regime of administrative liability (substantially comparable to criminal liability), for legal entities, companies and associations including those without legal personality (hereinafter referred to as the Entities ) in whose interest, or advantage, the crimes have been committed by: individuals with functions of representation, management or direction within those Entities or in one of their organizational units with financial and functional autonomy, and individuals exercising, also de facto, the management and control of such Entities; individuals subject to the direction or supervision of the above mentioned management. The administrative liability of legal entities is combined together with the liability of the individual who has physically committed the crime and both can be subjected to investigation in the course of the same proceedings before a criminal judge. Moreover, the Entity s liability persists also where the individual responsible for the crime has not been identified or is not punishable. The Entity is liable only in connection with the following types of crimes: i) crimes committed to the detriment of the Public Administration; ii) IT crimes and illegal data handling; iii) iv) Organised association crimes; crimes regarding counterfeiting of money, instruments of public credit and tax stamps and identification instruments or distinctive signs; v) crimes against industry and trade; vi) corporate crimes; vii) terrorist crimes or crimes aimed at subverting democratic order; viii) crimes against physical integrity, with particular reference to sexual offences against women; ix) crimes against the individual in matters of child protection and enslavement; x) administrative offences and crimes in matter of market abuse; xi) offences and crimes committed in breach of the health and safety workplace regulations; xii) crimes of handling, laundering and use of money, goods or utilities of illegal origins; xiii) crimes regarding violations of copyright; xiv) crimes of obstruction of justice; xv) crimes in breach of environmental regulations. Based on an analysis of the activities carried out by the Company, the activity performed by is believed to be exposed to the risk of commission of the offences listed under points i), ii) iii)vi), x), xi, xii, xiv and xv), which have been therefore subject to detailed analysis in the Special sections of the Model. As far as regards the offences listed in points iv), v), to which s activity is not significantly exposed, the Company has deemed its system of - organizational, procedural and ethical governance, intended to ensure the correct conduct of corporate affairs, also suitable for minimizing the risk of such offences being committed, with reference, in particular, to the principles expressed in the current Code of Ethics and the protocols specifically drawn up for the prevention of the offences specified in the Special sections of the Model. Given s business activity, risk profiles for the types of offences listed in vii), viii), ix), the commission of which would be entirely contrary to the Company s guiding principles expressed in the Code of Ethics, are deemed not applicable.

10 Organizational, Management and Control Model 8 Legislative Decree 231/01 initially included only offences specified in the provisions of Articles 24 and 25: as a result of subsequent legislative measures the types of offences have been considerably expanded. The following offences currently stated in the Legislative Decree 231/01, or in legislation referring to the Decree, give rise to the Entities administrative liability: 1. Crimes against the Public Administration and against the property of the Public Administration (Articles 24 and 25 Legislative Decree 231/2001): improper obtainment of funds to the detriment of the State or of another public entity (Article 316 ter of the Italian Criminal Code); misuse of public funds to the detriment of the State or of another public entity (316 bis of the Italian Criminal Code); fraud to the detriment of the State or of a public entity (Article 640, second paragraph, No. 1 of the Italian Criminal Code); aggravated fraud aimed at obtaining public funding (Article 640 bis of the Italian Criminal Code); computer fraud to the detriment of the State or of another public entity (Article 640-ter of the Italian Criminal Code); corruption (Articles 318, 319, 320, 321 and 322 bis of the Italian Criminal Code); incitement to corruption (Article 322 of the Italian Criminal Code); judicial corruption (Article 319 ter of the Italian Criminal Code); concussione, i.e. extortion by individuals performing public service (Article 317 of the Italian Criminal Code); 2. IT crimes and illegal data handling (Article 24-bis) introduced by Law no. 48/2008: false statements in IT documents (Article 491-bis of the Italian Criminal Code); unlawful access to an IT or telematic system (Article 615-ter of the Italian Criminal Code); unlawful possession and dissemination of IT or telematic systems access codes (Article 615-quarter of the Italian Criminal Code); dissemination of equipment, devices or IT programmes aimed at damaging or interrupting an IT or telematic system (Article 615-quinquies of the Italian Criminal Code); interception, impediment or unlawful interruption of IT or telematic communications (Article 617-quarter of the Italian Criminal Code); installation of equipment aimed at intercepting, impeding, or interrupting IT or telematic communications (Article 617-quinquies of the Italian Criminal Code); damage to information, data and IT programmes (Article 635-bis of the Italian Criminal Code); damage to information, data and IT programmes used by the State or other public bodies or of otherwise public utility (Article 635-ter of the Italian Criminal Code); damage to IT or telematic systems (Article 635-quarter of the Italian Criminal Code); damage to IT or telematic systems of public utility (Article 635-quinquies of the Italian Criminal Code); computer fraud by the subject providing electronic signature certifying services (Article 640-quinquies of the Italian Criminal Code). 3. Offences regarding organized crime (Article 24 ter) introduced by Law no. 94/2009: organised crimes (Article 416, Italian Criminal Code); criminal association for the purpose of reduction to or maintenance of slavery, trade of human beings, sale and purchase of slaves and offences relating to violations of the provisions on illegal immigration as stated in Article 12 of Legislative Decree no. 286/1998 (Article 416, sixth paragraph, Italian Criminal Code); criminal association of a mafia type (Article 416-bis of the Italian Criminal Code); political mafia electoral clientelism (Article 416-ter);

11 Organizational, Management and Control Model 9 abduction of a person for the purpose of extortion (Article 630 of the Italian Criminal Code); offences committed by using the conditions stated in Article 416-bis in order to facilitate the activity of associations stated in the same article; criminal association for the purpose of illegally trafficking in drugs or psychotropic substances (Article 74 of the Unified Text of the Decree of the President of the Republic of 9 October 1990 no. 309); criminal association (Article 416 of the Italian Criminal Code, with the exception of paragraph 6); offences relating to the manufacture and trafficking of weapons of war, explosives and illegal weapons (as stated in Article 407, paragraph 2, letter a), number 5), of the Italian Code of Criminal Procedure). 4. Crimes regarding counterfeiting of money, instruments of public credit and stamps and identification instruments or distinctive signs (Article 25 bis) amended by Law No. 99/2009: counterfeiting of money, spending and introduction into the State, of counterfeit money, acting in concert (Article 453 of the Italian Criminal Code); alteration of money (Article 454 of the Italian Criminal Code); counterfeiting of watermarked paper used for the production of legal tender or stamps (Article 460 of the Italian Criminal Code); production or possession of thread marks or instruments used to counterfeit money, official stamps or watermarked paper (Article 461 of the Italian Criminal Code); spending and introduction into the State of counterfeit money, not acting in concert (Article 455 of the Italian Criminal Code); spending of counterfeit money received in good faith (Article 457 of the Italian Criminal Code); use of counterfeit or altered stamps (Article 464, paragraphs 1 and 2 of the Italian Criminal Code); forgery of stamps, introduction into the State, purchase, possession or putting in circulation of forged stamps (Article 459 of the Italian Criminal Code); counterfeiting, alteration or use of distinctive signs of intellectual property or of industrial products (Article 473 of the Italian Criminal Code); introduction into the State and market products with false signs (Article 474 of the Italian Criminal Code). 5. Offences against industry and trade (Article 25 bis. 1) - introduced by Law no. 99/2009: obstructing industry and trade (Article 513 of the Italian Criminal Code); illegal competition with threats or violence (Article 513 bis Italian Criminal Code); fraud against the national industries (Art. 514 of the Italian Criminal Code); fraud in trade (Article 515 of the Italian Criminal Code); sale of not genuine as well as genuine food substances (Article 516 of the Italian Criminal Code); sale of industrial products with misleading signs (Article 517 of the Italian Criminal Code); manufacture of and trade in goods made by usurping industrial property rights (Article 517 ter of the Italian Criminal Code); counterfeiting of geographical indications or designations of origin of farm produce (Article 517 quarter of the Italian Criminal Code). 6. Corporate crimes (Article 25 ter) introduced by Legislative Decree 61/2002: false corporate communications (Article 2621 of the Italian Civil Code);

12 Organizational, Management and Control Model 10 false corporate communications to the detriment of the shareholders or of the creditors (Article 2622, paragraphs 1 and 3 of the Italian Civil Code); false statements in the reports or communications of the Independent Auditor (Article 2624, paragraphs 1 and 2 of the Italian Civil Code); obstruction of control activities (Article 2625, paragraph 2 of the Italian Civil Code); fictitious capital formation (Article 2632 of the Italian Civil Code); improper reimbursement of contributions (Article 2626 of the Italian Civil Code); illegal distribution of profits and reserves (Article 2627 of the Italian Civil Code); unlawful transactions on the shares or on the quotas of the Company or of its holding company (Article 2628 of the Italian Civil Code); transactions in prejudice of creditors (Article 2629 of the Italian Civil Code); improper distribution of the corporate assets by the liquidators (Article 2633 of the Italian Civil Code); unlawful influence over the shareholders meeting (Article 2636 of the Italian Civil Code); market rigging (Article 2637 of the Italian Civil Code); failure to disclose a conflict of interest (Article 2629 bis of the Italian Civil Code); obstruction of public surveillance authorities in the performance of their duties (Article 2638, paragraphs 1 and 2 of the Italian Civil Code). 7. Crimes committed for purposes of terrorism or aimed at subverting democratic order (Article 25 quarter) introduced by Law No. 7/2003; 8.Crimes committed in carrying out female genital mutilation practices (Article 25 quarter 1) introduced with Law No. 7/2006; 9. Crimes against the individual (Article 25 quinquies) introduced by Law No. 228/2003: reduction to a state of slavery (Article 600 of the Italian Criminal Code); trafficking and trade of slaves (Article 601 of the Italian Criminal Code); sale and purchase of slaves (Article 602 of the Italian Criminal Code); juvenile prostitution (Article 600 bis, paragraphs 1 and 2 of the Italian Criminal Code); juvenile pornography (Article 600 ter of the Italian Criminal Code); tourism aimed at the exploitation of juvenile prostitution (Article 600 quinquies of the Italian Criminal Code); possession of pornographic material (Article 600 quarter of the Italian Criminal Code). 10. Market abuse crimes (Article 25 sexies) introduced by Law No. 62/2005: misuse of privileged information (Article 184 Consolidated Law on Finance, Legislative Decree no. 58); market manipulation (Article 185 Consolidated Law on Finance, Legislative Decree no. 58); 11. Crimes committed in breach of the health and safety workplace regulations (Article 25 septies) introduced by Law No. 123/2007: manslaughter due to negligence (Article 589 of the Italian Criminal Code); serious or very serious personal injury due to negligence (Article 590, paragraph 3 of the Italian Criminal Code);

13 Organizational, Management and Control Model Crimes of handling, laundering and use of goods of illegal origins (Article 25 octies) introduced by Law No. 231/2007: handling; laundering; use of money, goods or utilities of illegal origins. 13. Crimes regarding breach of copyright (Article 25 novies) introduced by Law No. 99/2009: provided for in and punished by Articles 171 paragraph 1 letter a) bis and paragraph 3, Article 171 bis, 171 ter, 171 septies and 171 octies of Law 633 of Crime regarding incitement to not testify or to bear false testimony to Judicial Authorities (Article 25 novies) introduced by Law No. 116/2009. instigation to not testify or to bear false testimony to the Judicial Authority: personal aiding and abetting. 15. Environmental crimes (art. 25-undecies) introduced with Legislative Decree 121/2011. The Legislator might, in the future, integrate further crime species into the text of the Decree, extending the Entities liability to cover new types of crime, whose potential impact for the purposes of Legislative Decree no. 231/01 will have to be assessed by the Company Sanctions The sanctions established for administrative offences depending on a crime are as follows: monetary penalties; disqualification; confiscation; publication of the sentence. In particular, disqualifications of no less than three months and no more than two years specifically concern the activity related to the offence committed by the Entity and are as follows: debarment from exercising business activity; ban on contracting for work with the Public Administration; suspension or revocation of those permits, licenses or concessions which were/are functional to the commission of the offence; exclusion from public aid, financing, grants and subsidies and/or revocation of those already granted; ban on advertising goods or services. Disqualification is only applied in the cases specifically set out in the Decree if at least one of the following conditions apply: 1) the Entity has obtained a considerable profit as a consequence of the crime and the crime has been committed by: top managers or individuals under the direction or supervision of others if the crime has been determined or facilitated by serious weaknesses in the organization; 2) in the event of repetition of the unlawful behaviour. Type and duration of the disqualification are established by the judge, who takes into account the seriousness of the

14 Organizational, Management and Control Model 12 offence, the degree of liability of the Entity and the activity performed by the Entity in order to eliminate or dilute the consequences of the offence and prevent the performance of further offences. In lieu of the sanction, the judge may decide for the activity of the Entity to be carried on by a court appointed administrator. Disqualification may be applied to an Entity as a preventive measure when there are serious indications of an involvement of the Entity in committing the crime and specific grounds to fear that offences of the same nature as the one being prosecuted may occur (Article 45). Even in this case, in lieu of the preventive disqualification, the judge may appoint an administrator. Non-observance of the disqualification is an independent crime and is regarded, for the purposes of the Decree, as a possible source of administrative liability for the Entity (Article 23). Monetary sanctions, applicable to any offences, are determined based on a system of no less than one hundred and no more than one thousand quota, whose amount may vary from a minimum of Euro to a maximum of Euro 3, The number of the quota is established by the court, who takes into account the seriousness of the offence, the degree of liability of the Entity and the activity performed by the Entity in order to eliminate or dilute the consequences of the offence and prevent the performance of further offences. The amount of the quota is established based on the assets and income of the Entity, in order to ensure the effectiveness of the sanction (Article 11 of the Decree). In addition to the above sanctions, the Decree provides for the confiscation of the crime proceeds or profits, which may involve assets or other properties of equivalent value, and for the publication of the sentence when a disqualification is ordered Attempts to Commit Crime or Crime Committed Abroad The Entity is liable also for any offences arising from attempts to commit crimes or from crimes committed abroad. In the cases of attempts to commit the crimes provided for in the Decree, monetary sanctions and disqualifications are reduced of between a third and a half, whereas sanctions are not applied when the Entity voluntarily prevents completion of the action or realization of the event. The exclusion of sanction is justified, in this case, by the severance of any relationship of identification between the Entity and the individuals who claim to act on its behalf and in its name. Based on the provisions of Article 4 of the Decree, the Entity with registered office in Italy may be made accountable, in relation with the crimes provided therein and committed abroad, with a view not to leave unsanctioned a frequent criminal conduct, as well as to prevent any avoidance of this entire regulatory framework. The liability of the Entity as regards crime committed abroad is grounded as follows: a) the crime must be committed abroad by an individual functionally connected to the Entity for the purposes of Article 5 (1) of the Decree; b) the Entity must have its main office in the territory of the Italian State; c) the Entity is accountable only in the cases and at the conditions provided for by Articles 7, 8, 9, 10 of the Italian Criminal Code. Existing the cases and conditions provided for in the above mentioned Criminal Code articles, the Entity is liable, unless it is prosecuted in the state where the crime has been committed Proceedings for the assessment of the offence and examination of suitability by the court The Company s liability for administrative offences arising from a crime is assessed by means of criminal proceedings. Another rule of the Decree, prompted by reasons of effectiveness, uniformity and economy of the proceedings, provides for the mandatory unification of the proceedings: proceedings against the Entity must be unified as much as possible with the criminal proceedings against the individual committing the crime giving rise to the Entity s liability. The task of assessing the Entity s liability rests with the criminal court, based on a specific legal trail: ascertaining that the offence for which the Company is held accountable has been committed; ascertaining that the Entity actually had an interest in or drew a benefit from the crime committed by an employee or top manager;

15 Organizational, Management and Control Model 13 ascertaining that the organizational model adopted by the Company is suitable. The court examines the theoretical suitability of the organization model to prevent crime for the purposes of the Decree by means of the so-called retroactive prognosis. The examination of suitability is, therefore, formulated on an essentially retroactive basis, insofar as the court figures out the Company situation at the time of the occurrence of the unlawful event in order to test the adequacy of the adopted model Actions by which the exemption from administrative liability is obtained Articles 6 and 7 of the Decree foresees specific types of exemption from administrative liability for the Entity in the interest or on its behalf of which the relevant crimes have been committed by top management and/or employees. In particular, when crimes are committed by top management, Article 6 provides that the Entity may be exempted if it proves that: a) the executive management body has adopted and effectively applied, before the crime was committed, an organizational and management model capable of preventing crimes of the same kind as those which have been committed (hereinafter referred to as the Model ); b) the task of overseeing operation of and compliance with the Model and proposing any updates of the Model itself has been entrusted to a Surveillance Body of the Entity (hereinafter referred to as the O.d.V. ), having autonomous powers of initiative and control; c) the individuals who have committed the crime have fraudulently eluded the above-mentioned Model; d) the O.d.V. did not fail to perform its surveillance duties or applied an insufficient level of surveillance. With regard to employees, Article 7 provides for the Entity s exemption from liability when the entity has adopted and effectively implemented, before the crime was committed, an organizational, management and control model, capable of preventing crimes of the same kind to those which have taken place. The Decree provides that the Model must meet the following requirements: identification of the activities in the context of which there is a possibility that crimes may be committed; provision of specific protocols (included in the system of corporate procedures) focused upon the making and implementation of the Entity s decisions in relation to the crimes to be prevented; identification of ways to manage financial resources capable of impeding the commission of crimes; providing for a duty to inform the O.d.V.; introduction of an internal disciplinary system capable of sanctioning any failure to comply with the measures indicated in the Model. Subject to the above mentioned requirements, the Decree provides that the Model may be adopted on the basis of codes of conduct drawn up by associations which represent the business sector, and notified to the Ministry of Justice which, together with the other competent Ministries, may, within 30 days, express an opinion on the suitability of the models to prevent crimes. In relation to administrative offences and crimes in matter of market abuse, such an evaluation of suitability is carried out by the Ministry of Justice, after consultation with Consob. Finally, in small-sized entities, the surveillance activity may be performed directly by the executive management body. 2. CONFINDUSTRIA GUIDELINES The drawing up of this Model is inspired by the Guidelines issued by Confindustria (the Confederation of Italian Industry) (hereinafter referred to as the Guidelines ) on March 7, 2002, as integrated on October 3, 2002 by the Integrative Appendix on corporate crimes, as subsequently updated on March 31, According to the Guidelines, the Model may be set up in accordance with the following key points: identification of the areas at risk, aimed at verifying in which areas/sectors of the corporate activity crimes may be committed; setting up of a control system, capable of reducing the risks through the adoption of specific protocols. This should be supported by a coordinated system of organizational structures, of operative rules and activities

16 Organizational, Management and Control Model 14 to be applied upon indication of the top management by management and company personnel aimed at achieving, with reasonable likelihood, the goals of a good internal control system. The most important components of the preventive control system proposed by Confindustria are: code of ethics; organizational framework; both manual and IT procedures; system of powers and delegated authorities; control and management system; information to and training of personnel. The control system, furthermore, must follow the following principles: suitability to verification and to documentation, consistency and congruity of each transaction; segregation of duties (no individual should be able to autonomously manage all the stages of a process); documentation of controls; introduction of an adequate system of sanctions for any breach of the rules and procedures provided for by the model; identification of the O.d.V., the main requirements of which are: - autonomy and independence; - professionalismcontinuous action; duty of the company s functions, and in particular those identified as being most at risk, to supply the information to the O.d.V., both on a systematic basis and for the purpose of notifying anomalies or atypical features which one is aware of (in this latter case, the duty readily is extended to all employees without regard to hierarchical reporting lines); possibility to organize in a context of a group, the centralization within the O.d.V. of the holding company of those operative resources dedicated to the surveillance activities in the companies of the group itself, provided that: - an O.d.V. is instituted in each subsidiary; - the subsidiary s O.d.V. may avail itself of the resources of the holding company s O.d.V. on the basis of a pre-defined contractual relationship; - the employees of the Holding company s O.d.V., in carrying out the controls on the other companies of the Group, take on the role of external professionals performing their activity in the interest of the subsidiary, report directly to the latter s O.d.V. and complying with the confidentiality obligations required of an external consultant. It is understood that the choice of not adopting the Guidelines for certain matters does not affect the validity of the Model. The latter, drawn up with reference to particular matters of a specific company, may differ from the Guidelines, which are, by their very nature, general. 3. ADOPTION BY ANSALDO STS OF THE ORGANIZATIONAL AND MANAGEMENT MODEL 3.1. Corporate Objectives and Mission S.p.A., listed on the Milan stock exchange, the industrial holding company of the Group, is a leading technology company operating in the rail and mass transit transportation system. The organization of provides central functions of protection of the business and common processes in research and development, in purchasing and in production, in the approach to markets and in the delivery of projects.

17 Organizational, Management and Control Model 15 The companies of the group, grouped for geographical areas, take care of the local coordination of the commercial and delivery activities. In particular, the business refers to two Business Units Signalling and Transportation Solutions and to one technical unit Standard Product & Platform. The Business Units (Signalling and Transportation Solutions) have the following tasks: to define and to implement at a worldwide level, and for each single Country, specific business strategies in order to ensure efficiency and efficacy; to manage the resources at a worldwide level and to monitor markets and competitors; to ensure the implementation of processes, procedures and instruments; to ensure the capitalization and the sharing of the knowledge at a worldwide level. The Unit SPP has the following task to develop and to manage the portfolio of products / platforms / generic applications; to develop strategies and innovations able to ensure efficiency and real development; to verify and to ensure the safety of the products and platforms realized, through the activity of RAMS Reliability, Availability, Maintainability and Safety; to supply the Business Units with all the components, systems and services in a view of optimization of times and costs of the provisioning and production process; to manage the technical resources; to ensure the implementation of common processes, procedures and instruments; to ensure the capitalization and the sharing of the knowledge. The central staff structures ensure the coordination of the functions supporting the business. S.p.A pursues its mission in strict observance of the objective of value creation for its shareholders, and with the aim of strengthening its competitive position in its business sectors Corporate Governance The corporate governance adopted by has been drafted on the basis of the principles laid down in the Corporate Governance Code, adopted by the Italian stock exchange in March 2006, as well as on the basis of international best practise. It is based on the key role of the Board of Directors, which manages the Company and pursues its mission in strict observance of the primary objective, which is the creation of value for its shareholders, by actively operating in order to define industrial strategies and directly intervening in all decisions concerning the most important issues, such as management, reserved for their exclusive competence. s corporate governance is based on the traditional model and complies with the regulations regarding listed issuers and is set out as follows: shareholders meeting, responsible for ordinary or extraordinary resolutions in the matters reserved to it by the Law or by the Articles of Association; Board of directors, vested with the broadest powers for the administration of the Company, with the authority to perform any appropriate action for the achievement of corporate objectives, with the exclusion of the acts which the Law and the Articles of Association reserve to the Board of Directors. With the exception of Chief Executive Officer, the Board consists of non executive directors and independent directors such as to guarantee, by number and authority, the relevance of respective evaluations leading to board s resolutions, thus contributing to ensure their compliance to the Company s interests; Board of Statutory Auditors, in charge of monitoring: a) compliance with the law and the Articles of Association, and observance of the principles of correct administration; b) the adequacy of the Company s organizational structure, of the internal control system and the accounting and administrative system, including how reliable this latter is in accurately reporting operating events; c) the appropriateness of instructions issued to subsidiaries in relation to statutory disclosures; Independent Auditors, under current legislation, auditing is carried out by qualified Independent Auditors listed in the special CONSOB register, as appointed by the Shareholders Meeting.

18 Organizational, Management and Control Model 16 The following committees have been set up within the Board of Directors: a) Internal Control Committee; b) Remuneration Committee. a) the Internal Control Committee, in carrying out its surveillance duties, has advisory and proposal functions towards the Board of Directors. In its periodic assessment of the suitability and functionality of the organizational structure relating to the internal control system, the Internal Control Committee works together, by way of consultation and proposal, with the Board of Directors. The organizational structure of the internal control system is a set of processes aimed at monitoring the efficiency of corporate operations, the reliability of financial information, the compliance with laws and regulations and the safeguarding of the company s assets. In the performance of its duties, the Internal Control Committee may rely on the support of both employees and external consultants, provided these are adequately bound to confidentiality. b) the Remuneration Committee performs the following functions and duties established by the Board of Directors: by power of attorney from the Board of Directors, proposes the remuneration and contract terms of the Chief Executive Officer, by prior consultation with the Board of Statutory Auditors where required pursuant to Article 2389 of the Italian Civil Code, within the scope and the limits of the terms and conditions governing his/ her work relationship with the Company, with reference to relative terms and conditions, salary adjustments, contract termination also in the form of a settlement, and definition of obligations upon termination of the relationship; evaluate the proposals put forward by the Chief Executive Officer in relation to the general criteria for remuneration and bonuses, for managerial development plans and systems, key resources of the Group and of the Directors in possession of powers granted by Group Companies; assist the Company s Top Management in defining best policies for managing the Group s managerial resources; evaluate the proposals put forward by Top Management, concerning the introduction and amendment of stock incentive plans or stock grant plans for Directors and Top managers of the Company or of Companies of the Group, to be submitted for approval to the Board of Directors; prepare, for the approval of the Board, the remuneration plans based on the allotment of stocks or options for the purchase of Company s stocks to the benefit of Directors and Top management of the Company or of the Group s companies. For the purpose of performing the duties assigned to it, the Remuneration Committee may be supported by both employees and external consultants at the expense of the Company provided these are adequately bound to confidentiality. Further, in terms of corporate governance, note that the Board of Directors, with the assistance of the Internal Control Committee, has identified the Chief Executive Officer as the executive director in charge of overseeing the functionality of the internal control system. The Chief Executive Officer: a. sees to the identification of the main corporate risks, taking into account the characteristics of the activities performed by the Company and its subsidiaries, and periodically submits them to the examination of the Board of Directors; b. enforces the guidelines defined by the Board of Directors, seeing to the planning, implementation and management of the internal control system, constantly assessing its overall adequacy, effectiveness and efficiency; moreover, he/she adjusts the system to the dynamics of the operating conditions and the legislative and regulatory framework; c. proposes to the Board of Directors the appointment, revocation and remuneration of one or more person/s responsible for internal control.

19 Organizational, Management and Control Model 17 Moreover, the Board of Directors has adopted specific principles of conduct in relation to Transactions with Related Parties; it has introduced internal procedures for the correct handling of Privileged Information and it has implemented a Code of Conduct in relation to Internal Dealing aimed at ensuring disclosure of information concerning transactions in financial instruments carried out by parties deemed as significant pursuant to the aforesaid Code Organizational structure internal use 3.4. Motivations of in adopting the Organiztional, Management and Control Model Pursuant to Legislative Decree no. 231/01, in order to ensure that anybody working for or on behalf of the Company strictly complies with all the principles of fairness and transparency in the conduct of business and corporate affairs, has deemed it appropriate to adopt an Organisational and Management Model in line with the provisions of Legislative Decree no. 231/2001 and based on the Guidelines issued by Confindustria, the Confederation of Italian Industry. Together with the adoption of the Code of Ethics, this initiative was undertaken in the belief that regardless of the provisions of the Decree, which in fact designated the Model as an optional and not a mandatory element the adoption of the said Model will represent a valid instrument to promote the awareness of anyone who operates in the interest or to the benefit of. In particular, we consider Recipients of this Model and, as such and within each recipient s sphere of competence, under an obligation to know it and comply with it: the members of the Board of Directors, when setting targets, deciding activities, implementing projects, proposing investments, and in any decision or action concerning the Company s business performance; the members of the Board of Statutory Auditors when controlling and reviewing the correctness, in both form and substance, of the Company s activities and the operation of the internal control system; the Executives, with regard to the management of the Company, as regards the management of internal and external activities; the employees and all the co-workers with any type of contract with the Company, including on an occasional and/or merely temporary basis; all those who have commercial and/or financial relationships of any nature with the Company Purposes of the Model The Model drawn up by is based on a structured and organic set of procedures and monitoring activities which: identify crime-sensitive areas/processes in the Company s business, i.e. the activities where there is a higher chance that crimes are committed; define the internal regulatory system, aiming at the prevention of crime, and including the following documents: the Code of Ethics, which sets out ethical commitments and responsibilities undertaken by employees, directors and co-workers, in various capacities, of the Company, in the conduction of business and corporate affairs; the system of authorities, signing powers and authorizations to sign corporate documents, such as to ensure a clear and transparent representation of how decisions are formed and implemented; formal procedures, aiming at regulating methods of operation in risk areas; are founded on the assumption that the organisation is in line with the corporate business, and intended to inspire and monitor proper behaviours, thus ensuring a clear and organic attribution of tasks, by implementing an appropriate segregation of functions, and seeing to the actual implementation of the desired governance structures, by means of:

20 Organizational, Management and Control Model 18 a formally defined organizational chart, which is clear and appropriate to the activity to be carried out; a system of delegated authorities for internal functions and of proxies for the external representation of the Company, which ensures a clear and consistent segregation of functions; identify the processes for the management and control of financial resources in risk activities; assign to O.d.V. the task of monitoring the application of and compliance with the Model and put forward any proposals for amendment. The Model, therefore, purports to: improve the Corporate Governance system; organize a structured and organic prevention and control system, aiming at the reduction of the crime risk in relation with the corporate activity, particularly concerning the reduction of any illegal behaviour; determine, in all those who operate in the name and on behalf of in risk areas of activity, the awareness that by breaching the provisions hereof they might incur in an offence implying criminal or administrative sanctions, to be levied not only towards them but also towards the Company; inform all those who work in any capacity, in the name, on behalf or anyway in the interest of, that the breach of this Model s provisions shall imply the levy of appropriate sanctions; reassert that shall not tolerate any illegal behaviour, regardless of the purpose pursued in committing the crime, i.e. whether the offenders were acting on the wrong assumption to do so in the interest and to the advantage of the Company. Any illegal behaviour is condemned as it implies a violation of the ethical principles inspiring and is therefore opposed to the interest of the Company; actively censor any behaviour entailing a breach of the Model, by applying disciplinary and/or contract sanctions The Model s Preparation Process In consideration of the requirements of the mentioned Decree, launched an internal project for the constant update of this Model, with the active participation and proposals of the Surveillance Body. Therefore, the preparation of this Model is the result of a series of activities, divided into different phases, which focused on setting up a system for the prevention and management of risks, as described below. 1) Mapping of risk activities Objective of this phase was the analysis of the corporate context, with a view to mapping all the Company s areas of activity and, among those, pinpointing the processes and activities potentially sensitive to the crimes listed in the Decree. Corporate activities and risk activities and processes were identified by prior reviewing corporate documentation (organisational charts, key/core processes, powers of attorney, organizational instructions etc.), and subsequently carrying out a series of interviews with the key persons of the corporate structure. Such activity gave rise to a document containing a map of all the corporate activities, with an indication of crime sensitive ones. Analysis of possible application of homicide and unintentional injuries in violation of the obligations to safeguard workplace health and safety also took into account the assessment of the risks connected to the job in accordance with the criteria provided for by Legislative Decree no. 81/08, also taking into account the British Standard OHSAS 18001:2007 and the Guidelines UNI-INAIL for a workplace health and safety management system. 2) Analysis of potential risks The map of activities, based on the specific context in which operates and the relative outline of sensitive or risk processes/activities, led to the identification of the crimes and offences which could be potentially committed in the context of corporate activity, including any possible occasions, purposes and manners for such potential illegal conduct.